Cyber security: Don’t report on ESG without it

Mandates for environmental, social and governance (ESG) reporting are intensifying across all industries. Although sectors like retail and technology will likely soon face more stringent expectations, fintech companies, financial services, and oil and gas and public utilities are already under pressure from investors, boards of directors, and other stakeholders to be more transparent about their ESG efforts.

In addition to perennial concerns like anticorruption, clean water and climate change, cyber security is rising to the top of the ESG agenda. In a recent survey, 67.4 percent of respondents from the U.S., Canada, Europe, and Asia ranked cyber security as their top concern.1

Why now?

Socially conscious investing has already taken off with a focus on the environmental, diversity and social justice postures of potential investment targets. In light of recent security breaches like the ransomware attacks on the oil pipeline and a major meat production company, consumers of all kinds are becoming more and more savvy about potential cyber vulnerabilities at the organizations with which they connect and share data. As a result, there is a demand for transparency into how organizations use and protect the confidentially and integrity of personal data of everyday individuals. The consequences of failing to protect customer data can range from a devastating loss of assets; to eroded “trust” between the organization and its customers, employees, and third parties; to irreparable harm to the organization’s reputation, brand, and bottom line.

Taking an ESG approach to your cyber security reporting can promote digital trust in your organization. Learn more in our paper.